One of the main advantages of using the authentication token (eg OAuth2) is that the client application does not need to save the credentials locally. The client application sends the credentials once for the initial login, then forget them as long as you do not need to re-authorize the application, when the client application prompts the user to enter again.
In contrast to the version 1 OAuth2 does not require you to sign the request; bearer token can be used as long as it is valid without any measure, this may seem like a safety issue but the process takes advantage of simplification.